2857 matches found

CNNVD
added 2025/09/07 12:0 a.m., 1 views

IBM MQ Security Vulnerability

IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable and validated messaging backbone for Service Oriented Architecture SOA. A security vulnerability exists in IBM MQ that stems from storing passwords in client configuratio...

CVSS 5.5, AI score 6.4, EPSS 0.00015
Exploits 0, References 3

Gitee
added 2025/09/06 12:11 a.m., 134 views

Garden

This is a repository for the Garden development tool, which automates workflows for Kubernetes application development and testing. The repository contains various configuration files, including .chglog/CHANGELOG.tpl.md, .circleci/config.yml, .circleci/continue-config.yml, and others. These files...

AI score 7.3
Exploits 0

RedhatCVE
added 2025/09/05 9:31 p.m., 5 views

CVE-2025-55747

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7...

CVSS 9.3, AI score 6.9, EPSS 0.01292
Exploits 0, References 1

RedhatCVE
added 2025/09/05 9:31 p.m., 2 views

CVE-2025-55748

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...

CVSS 9.3, AI score 6.8, EPSS 0.00371
Exploits 0, References 1

NVD
added 2025/09/03 9:15 p.m., 3 views

CVE-2025-55748

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...

CVSS 9.3, EPSS 0.00371
Exploits 0, References 3

OSV
added 2025/09/03 8:19 p.m., 3 views

CVE-2025-55748 XWiki Platform's configuration files can be accessed through jsx and sx endpoints

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...

CVSS 9.3, AI score 6.5, EPSS 0.00371
Exploits 0, References 5

Cvelist
added 2025/09/03 8:19 p.m., 5 views

CVE-2025-55748 XWiki Platform's configuration files can be accessed through jsx and sx endpoints

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...

CVSS 9.3, EPSS 0.00371
Exploits 0, References 3

Cvelist
added 2025/09/03 8:12 p.m., 7 views

CVE-2025-55747 XWiki Platform's configuration files can be accessed through the webjars API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7...

CVSS 9.3, EPSS 0.01292
Exploits 0, References 3

Vulnrichment
added 2025/09/03 8:12 p.m., 2 views

CVE-2025-55747 XWiki Platform's configuration files can be accessed through the webjars API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7...

CVSS 9.3, AI score 6.3, EPSS 0.01292
Exploits 0, References 3

CVE
added 2025/09/03 8:12 p.m., 19 views

CVE-2025-55747

CVE-2025-55747 - XWiki Platform : The vulnerability stems from configuration files being exposed via the webjars API in XWiki Platform versions 6.1-milestone-2 through 16.10.6. This information disclosure could reveal sensitive configuration data. The issue is fixed in version 16.10.7. No exploit...

CVSS 9.3, AI score 6.3, EPSS 0.01292
In wild, Exploits 0, References 3, Affected Software 1

OSV
added 2025/09/03 8:12 p.m., 2 views

CVE-2025-55747 XWiki Platform's configuration files can be accessed through the webjars API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7...

CVSS 9.3, AI score 6.6, EPSS 0.01292
Exploits 0, References 5

OSV
added 2025/09/03 5:42 p.m., 3 views

GHSA-QWW7-89XH-X7M7 XWiki configuration files can be accessed through the webjars API

Impact It's possible to get access and read configuration files by using URLs such as http://localhost:8080/xwiki/webjars/wiki%3Axwiki/..%2F..%2F..%2F..%2F..%2FWEB-INF%2Fxwiki.cfg. The trick here is to encode the / which is decoded when parsing the URL segment, but not re-encoded when assembling...

CVSS 9.3, AI score 5.7, EPSS 0.01292
Exploits 0, References 5

Positive Technologies
added 2025/09/03 12:0 a.m., 3 views

PT-2025-35831

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 6.1-milestone-2 through 16.10.6 Description: The XWiki Platform is a generic wiki platform. Affected versions allow access to configuration files through the webjars API. This issue is resolved in version 16.10.7...

CVSS 9.3, AI score 6.4, EPSS 0.01292
Exploits 0, References 9

Tenable Nessus
added 2025/09/02 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-5533

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...

CVSS 9.8, AI score 8.3, EPSS 0.00514
Exploits 0, References 2

RedhatCVE
added 2025/08/30 6:20 p.m., 0 views

CVE-2025-52460

Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier. If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker...

CVSS 6.9, AI score 5.9, EPSS 0.00085
Exploits 0, References 1

Tenable Nessus
added 2025/08/30 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-1285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in...

CVSS 9.8, AI score 7.1, EPSS 0.67329
Exploits 0, References 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-44476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server...

CVSS 7.1, AI score 6.9, EPSS 0.0024
Exploits 0, References 2

OSV
added 2025/08/29 2:52 p.m., 2 views

GO-2025-3896 Default Credentials in nginx-defender Configuration Files in github.com/Anipaleja/nginx-defender

Default Credentials in nginx-defender Configuration Files in github.com/Anipaleja/nginx-defender...

CVSS 6.5, AI score 7, EPSS 0.00068
Exploits 0, References 2

NVD
added 2025/08/28 9:15 a.m., 4 views

CVE-2025-52460

Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier. If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker...

CVSS 6.9, EPSS 0.00085
Exploits 0, References 2

Vulnrichment
added 2025/08/28 8:27 a.m., 1 views

CVE-2025-52460

Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier. If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker...

CVSS 6.9, AI score 7.3, EPSS 0.00085
Exploits 0, References 2